-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Properly handle errors in the cookie's domain when setting a cookie w…
…ith the Cookie Store API https://bugs.webkit.org/show_bug.cgi?id=259529 Reviewed by Alex Christensen. The spec (https://wicg.github.io/cookie-store/#set-cookie-algorithm) dictates that in the set function, if the domain is not null, then if the domain begins with a '.', the promise should be rejected with a TypeError. If the domain does not begin with a '.' but the url's host is not equal to domain and it does not end with a '.' followed by the domain, the promise should be rejected with a TypeError. Additionally, if the byte sequence length of the domain (in UTF8 format) is greater than the maximum attribute value size (current 1024 bytes according to https://wicg.github.io/cookie-store/#cookie-maximum-attribute-value-size), then the promise should be rejected with a TypeError. This patch adds these checks. * LayoutTests/imported/w3c/web-platform-tests/cookie-store/cookieStore_delete_arguments.https.any-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/cookie-store/cookieStore_get_set_across_frames.https-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/cookie-store/cookieStore_opaque_origin.https-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/cookie-store/cookieStore_set_arguments.https.any-expected.txt: * Source/WebCore/Modules/cookie-store/CookieStore.cpp: (WebCore::CookieStore::set): Canonical link: https://commits.webkit.org/266351@main
- Loading branch information
1 parent
42c22e4
commit 58f6a2d
Showing
5 changed files
with
40 additions
and
20 deletions.
There are no files selected for viewing
16 changes: 8 additions & 8 deletions
16
...d/w3c/web-platform-tests/cookie-store/cookieStore_delete_arguments.https.any-expected.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,16 @@ | ||
|
||
PASS cookieStore.delete with positional name | ||
PASS cookieStore.delete with name in options | ||
FAIL cookieStore.delete domain starts with "." assert_unreached: Should have rejected: undefined Reached unreachable code | ||
FAIL cookieStore.delete with domain that is not equal current host assert_unreached: Should have rejected: undefined Reached unreachable code | ||
FAIL cookieStore.delete with domain set to the current hostname assert_equals: expected null but got object "[object Object]" | ||
FAIL cookieStore.delete with domain set to a subdomain of the current hostname assert_unreached: Should have rejected: undefined Reached unreachable code | ||
FAIL cookieStore.delete with domain set to a non-domain-matching suffix of the current hostname assert_unreached: Should have rejected: undefined Reached unreachable code | ||
FAIL cookieStore.delete with path set to the current directory assert_equals: expected null but got object "[object Object]" | ||
PASS cookieStore.delete domain starts with "." | ||
PASS cookieStore.delete with domain that is not equal current host | ||
PASS cookieStore.delete with domain set to the current hostname | ||
PASS cookieStore.delete with domain set to a subdomain of the current hostname | ||
PASS cookieStore.delete with domain set to a non-domain-matching suffix of the current hostname | ||
PASS cookieStore.delete with path set to the current directory | ||
PASS cookieStore.delete with path set to subdirectory of the current directory | ||
FAIL cookieStore.delete with missing / at the end of path assert_equals: expected null but got object "[object Object]" | ||
PASS cookieStore.delete with missing / at the end of path | ||
PASS cookieStore.delete with path that does not start with / | ||
FAIL cookieStore.delete with get result assert_equals: expected null but got object "[object Object]" | ||
PASS cookieStore.delete with get result | ||
FAIL cookieStore.delete with positional empty name promise_test: Unhandled rejection with value: object "TypeError: Type error" | ||
FAIL cookieStore.delete with empty name in options promise_test: Unhandled rejection with value: object "TypeError: Type error" | ||
|
2 changes: 1 addition & 1 deletion
2
.../w3c/web-platform-tests/cookie-store/cookieStore_get_set_across_frames.https-expected.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
|
||
FAIL cookieStore.get() sees cookieStore.set() in frame promise_test: Unhandled rejection with value: object "TypeError: null is not an object (evaluating 'frameCookie.value')" | ||
FAIL cookieStore.get() in frame sees cookieStore.set() promise_test: Unhandled rejection with value: object "TypeError: null is not an object (evaluating 'cookie.value')" | ||
FAIL cookieStore.get() in frame sees cookieStore.set() promise_test: Unhandled rejection with value: object "TypeError: The domain must be a part of the current host" | ||
|
2 changes: 1 addition & 1 deletion
2
...imported/w3c/web-platform-tests/cookie-store/cookieStore_opaque_origin.https-expected.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
|
||
PASS cookieStore in non-sandboxed iframe should not throw | ||
FAIL cookieStore in non-sandboxed iframe should not throw assert_equals: cookieStore ${apiCall} should not throw expected "no exception" but got "TypeError" | ||
PASS cookieStore in sandboxed iframe should throw SecurityError | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters